
Howdy Lacee and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  

 

===================================

 

Run these programs & post the logs for me !!

 

Download and run AdwCleaner

* Download AdwCleaner from here and save it to your desktop. >>> https://www.bleepingcomputer.com/download/adwcleaner/

* run AdwCleaner by clicking on Scan Now
* when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
* if it asks to reboot, allow the reboot
* on reboot, click on View Log File; please attach the content of the log to your next reply.


================

 

Run Malwarebytes Anti-Malware

* You may have Malwarebytes Anti-Malware installed but if not, you can download it from here: >>> https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
* run the program
* click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
* click on the ‘Scan’ tab, (directly below the Dashboard tab)
* select the Threat Scan option
* click the Scan Now button
* Threat Scan will begin
* when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
* if prompted to restart the computer, close all other programs and click Yes to restart your computer
* once you are back at your desktop, open MBAM once more
* click on the ‘Reports’ tab
* double-click on the most recent Scan Report
* click on Export, then Copy to Clipboard
* Logs to include with the next post:
========================
If you have trouble with the logs !
Open Malwarebytes Anti-Malware
* click the Settings tab, at the top choose Protection and tick Scan for rootkits.
* Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
* If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
* Upon completion of the scan (or after the reboot), click the Reports tab.
* Double-click the Scan Log.
* At the bottom click Export and choose Text file.

* Save the file to your desktop and include its content in your next reply.

* You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here.

 

=======================

 

Run Farbar Recovery Scan Tool

* It is very IMPORTANT to save to desktop ...... Please download Farbar Recovery Scan Tool and save it to your Desktop. >>> https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

* Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
* right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
* press Scan button
* it will produce a log called Frst.txt in the same directory the tool is run from
* please copy and paste log back here.
* the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.
* Logs to include with next post:

Frst.txt
Addition.txt

Thanks

Chuck

 


# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-03-29.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-29-2021
# Duration: 00:00:46
# OS:       Windows 10 Home
# Cleaned:  72
# Failed:   0


***** [ Services ] *****

Deleted       WtuSystemSupport

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted       C:\Program Files (x86)\avg web tuneup
Deleted       C:\Program Files\Common Files\AVG Secure Search
Deleted       C:\Program Files\avg web tuneup
Deleted       C:\ProgramData\AVG_UPDATE_0116TB
Deleted       C:\ProgramData\AVG_UPDATE_0215TB
Deleted       C:\ProgramData\AVG_UPDATE_0415TB
Deleted       C:\ProgramData\AVG_UPDATE_0615TB
Deleted       C:\ProgramData\AVG_UPDATE_0616TB
Deleted       C:\ProgramData\AVG_UPDATE_0715TB
Deleted       C:\ProgramData\AVG_UPDATE_0716TB
Deleted       C:\ProgramData\AVG_UPDATE_0915TB
Deleted       C:\ProgramData\AVG_UPDATE_1015TB
Deleted       C:\ProgramData\AVG_UPDATE_1114TB
Deleted       C:\ProgramData\AVG_UPDATE_1214TB
Deleted       C:\ProgramData\AVG_UPDATE_1215TB
Deleted       C:\ProgramData\AVG_UPDATE_1216TB
Deleted       C:\ProgramData\avg web tuneup
Deleted       C:\Users\Lacee\AppData\LocalLow\AVG SafeGuard toolbar
Deleted       C:\Users\Lacee\AppData\Local\MessengerTime
Deleted       C:\Users\Lacee\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp
Deleted       C:\Users\Lacee\AppData\Local\avg web tuneup
Deleted       C:\Users\Lacee\AppData\Roaming\MessengerTime
Deleted       C:\Users\Lacee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MessengerTime
Deleted       C:\Users\Lacee\AppData\Roaming\OpenCandy

***** [ Files ] *****

Deleted       C:\Users\Lacee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MessengerTime.lnk
Deleted       C:\Users\Public\Desktop\eBay.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\Tasks\0116TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\0215TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\0415TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\0615TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\0715TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\0915TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\1015TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\1114TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\1214TBUPDATEINFO.JOB
Deleted       C:\Windows\Tasks\1215TBUPDATEINFO.JOB

***** [ Registry ] *****

Deleted       HKCU\Software\AppDataLow\Software\MessengerTime
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted       HKLM\Software\AVG Secure Search
Deleted       HKLM\Software\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted       HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted       HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted       HKLM\Software\Classes\WtuServer.WtuServerObj
Deleted       HKLM\Software\Classes\WtuServer.WtuServerObj.1
Deleted       HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|MessengerTime
Deleted       HKLM\Software\Wow6432Node\AVG Tuneup
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted       HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\avgsh
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|MessengerTime
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\MessengerTime
Deleted       HKLM\System\Setup\FirstBoot\Services\WtuSystemSupport

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [13479 octets] - [29/03/2021 16:36:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
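
An added example, not part of either poster's message and not code from Malwarebytes: a small Python parser for the AdwCleaner clean-log layout shown above. It checks the per-entry count against the `# Cleaned:` header and lists the removed items that were autostart points. The sample log is constructed and shortened, and the choice of what counts as an autostart location is an assumption made for triage.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above (shortened, blank lines omitted).
SAMPLE_LOG = r"""# Cleaned:  6
# Failed:   0
***** [ Services ] *****
Deleted       WtuSystemSupport
***** [ Folders ] *****
Deleted       C:\ProgramData\avg web tuneup
Deleted       C:\Users\Lacee\AppData\Roaming\OpenCandy
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ Tasks ] *****
Deleted       C:\Windows\Tasks\0116TBUPDATEINFO.JOB
***** [ Registry ] *****
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|MessengerTime
Deleted       HKLM\Software\AVG Secure Search
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER = re.compile(r"^# (\w+):\s+(.*)$")
ENTRY = re.compile(r"^(Deleted|Failed)\s+(.+)$")
# Assumption: Run / StartupApproved keys are treated as autostart locations.
AUTOSTART = re.compile(r"\\CurrentVersion\\(Run|Explorer\\StartupApproved)", re.I)

def parse_adwcleaner(text):
    """Return (header dict, [(section, action, item), ...])."""
    header, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section is None and (m := HEADER.match(line)):
            header[m.group(1)] = m.group(2)
        elif section and (m := ENTRY.match(line)):
            entries.append((section, m.group(1), m.group(2)))
    return header, entries

def summarize(text):
    header, entries = parse_adwcleaner(text)
    deleted = [e for e in entries if e[1] == "Deleted"]
    # Services, scheduled tasks and Run keys survive reboots, so list them separately.
    persistence = [item for sec, _, item in deleted
                   if sec in ("Services", "Tasks") or AUTOSTART.search(item)]
    return {
        "per_section": Counter(sec for sec, _, _ in deleted),
        "count_matches_header": len(deleted) == int(header.get("Cleaned", -1)),
        "persistence": persistence,
    }
```
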
 


Hey Lacee, just a bunch of junk which can slow down a computer !! Let's see what else we find ! After we run the Farbar program I will type you up a fix so you can run it !!

Do you still use/have AVG as an antivirus ??? Reason I ask is Windows 10, which you have, has a built-in antivirus protection/scanner; it is all that I use !

Chuck


Lacee, we have a 5 day response to our Malware Removal section before it is locked !! I will give you one more day to respond before I lock this topic !! Please respond if you still need help !!

Chuck


This topic is now closed & locked ! If you need it opened again please PM me a message !

Thanks

Chuck

 
